—

MAL-2026-4859

Malicious code in telethon-pro-safe (PyPI)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (8bc2e515c2eb7bf73ea5d532cfb6701dcaf3dd95e9d8248ee3d426b1d0c1ed8c) During installation, package executes obfuscated code that starts a RAT-like software allowing remote control and exfiltrating sensitive data.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-telethon-pro-safe

Reasons (based on the campaign):

- rat

- The package overrides the install command in setup.py to execute malicious code during installation.

- exfiltration-credentials

- exfiltration-browser-data

- The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.

- The package contains code to detect if it is running in a sandbox environment.

- The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

- infostealer

- obfuscation

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / telethon-pro-safe

No fixed version published yet for telethon-pro-safe (pip). Pin to a known-safe version or switch to an alternative.

참고

https://bad-packages.kam193.eu/pypi/package/telethon-pro-safe [WEB]